Cryptology ePrint Archive: Report 2018/255

Topology-Hiding Computation Beyond Semi-Honest Adversaries

Rio Lavigne and Chen-Da Liu-Zhang and Ueli Maurer and Tal Moran and Marta Mularczyk and Daniel Tschudi

Abstract: Topology-hiding communication protocols allow a set of parties, connected by an incomplete network with unknown communication graph, where each party only knows its neighbors, to construct a complete communication network such that the network topology remains hidden even from a powerful adversary who can corrupt parties. This communication network can then be used to perform arbitrary tasks, for example secure multi-party computation, in a topology-hiding manner.

Previously proposed protocols could only tolerate so-called passive corruption. This paper proposes protocols that can also tolerate so-called fail-corruption (i.e., the adversary can crash any player at any point in time) and so-called semi-malicious corruption (i.e., the adversary can control a corrupted party's randomness), without leaking more than an arbitrarily small fraction of a bit of information about the topology. A small-leakage protocol was recently proposed by Ball et al. [Eurocrypt'18], but only under the unrealistic set-up assumption that each party has a trusted hardware module containing secret correlated pre-set keys, and with the further two restrictions that only passively corrupted parties can be crashed by the adversary, and semi-malicious corruption is not tolerated. Since leaking a small amount of information is unavoidable, as is the need to abort the protocol in case of failures, our protocols seem to achieve the best possible goal in a model with fail-corruption.

Further contributions of the paper are applications of the protocol to obtain secure MPC protocols, which requires a way to bound the aggregated leakage when multiple small-leakage protocols are executed in parallel or sequentially. Moreover, while previous protocols are based on the DDH assumption, a new so-called PKCR public-key encryption scheme based on the LWE assumption is proposed, allowing to base topology-hiding computation on LWE. Furthermore, a protocol using fully-homomorphic encryption achieving very low round complexity is proposed.

Category / Keywords: cryptographic protocols / topology-hiding, broadcast, topology-hiding computation, fail-stop, semi-malicious

Date: received 7 Mar 2018

Contact author: lichen at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20180307:183211 (All versions of this report)

Short URL: ia.cr/2018/255

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]